
Just be grateful!
At least Fujitsu didn't win it, so this may work!
37 publicly visible posts • joined 4 Nov 2015
Rebecca Thomson was the first journalist to write about the Post Office Horizon Scandal. Nick Wallis is clearly a powerhouse that helped push it more into the public eye, but it's shocking that it's not known about more. I know lots of people who work at Fujitsu and this isn't mentioned in the company, some of those staff have been with Fujitsu when they were ICL (ICL was 80% owned by Fujitsu).
Nick and Rebecca have a podcast that is covering the inquiry https://www.postofficescandal.uk/podcast/
"The expert witnesses from Fujitsu surely must have been advised by Fujitsu's legal team, and it's beyond belief that they would have advised those witnesses to commit perjury.....There's more to this than meets the eye."
You've clearly never had any dealings with Fujitsu, if their legal team is internal, providing that advice would make complete sense and would be in keeping with how all the other Fujitsu departments conduct themselves...
Wonder if any have ISACA or ISC2 certifications, if so they would have agreed to abide by the code of Ethics.
Having passed the CISSP recently (please don't hate me, I have a mortgage to pay for and a wife and kids to support), they make a big deal of these and I'm sure any of the Post Office or Fujitsu staff working on that project would have clearly breached 1, 2 and 4, wonder if anyone will have their certifications removed or face other sanctions?
Code of Ethics Canons:
1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
2. Act honorably, honestly, justly, responsibly, and legally.
3. Provide diligent and competent service to principals.
4. Advance and protect the profession.
Source https://www.isc2.org/Ethics
The MAC address is only seen in the layer 2 broadcast domain the host connects to.
As soon as the host requests a resource that is not available on the broadcast domain it resides on it uses IP addressing, and with each hop across the various networks the traffic goes, the source and destination MAC addresses will change (to be the ingress and egress interfaces' MAC addresses of that layer 2 broadcast domain).
TL;DR
Which basically means:
Unless 'the likes of Google, Amazon, Facebook, NSA etc etc' own (or have access to) the AP you are connecting to, they're unlikely to see your MAC address.
The big issue here is connecting to your office environment and the supporting of that.
Believing that someone with the resources of 'the likes of Google, Amazon, Facebook, NSA etc etc' would be using the MAC address to track you is ludicrous, I can see the argument about companies tracking you, but for a lot of public WiFi you need to register anyway!!!
In short, from a security perspective, yes it is better than nothing, but they should have an option to be able to set a MAC address for an SSID so that when you go to your trusted networks, such as work and home or VPN, it will cause fewer issues (and allow for the use of Dynamic ARP Inspection and other LAN security measures) and randomly set it for any network that you select to be 'public'.
The latter being the default maybe?
Good points, badly made, now consider this...
For future roles, knowing how companies love to save money, why employ permanent staff when you can employ contractors, and not have to pay for the 25-30 days they aren't actually working for you (holiday), no pension contributions, training, no paternity or maternity rights but pay them more (let's go with 20%) which they'll be taxed more on.
Now move forward a little time, why have permanent staff at all? I can employ people, lower the rates down gradually (do you want the job or not?) so eventually it's parity with the market rate for a full time employee, but I get 25-30 days more productivity out of them for the same cost, I don't have to pay pension contributions, training, time off for illness and other things and I can get rid of you without a tribunal (you're not an employee), that's what this does.
Luckily companies aren't unscrupulous I suppose, otherwise that would be a real concern...
I'd be more concerned about any of the files that the attacker may have got control of and if they get released to the public.
I'm not too concerned about anything to do with National Security being released, it's the prospect of pictures of her and/or Jeremy Corbyn in various states of undress from when they were knocking boots..... 'Shudders'
Whilst I appreciate privacy is important, security is also, and if this can help stop bad things happening, great.
And if they get my phone and discover the only dubious thing I do is read El Reg and they obtain all the pictures of my cat I've taken, I wouldn't consider that a bad thing, my cat looks awesome....
Security is everyone's responsibility, clearly for some it's to a greater extent, like if your job is an admin.
But if you let your user onto any production (or any business paid for network including a dedicated BYOD internet connection) and you don't provide them training (or guidelines at the very least) on how it works and a system operation agreement for them to sign outlining what is expected of them and what they shouldn't do, then you're in trouble to start with.
Yep, signing a piece of paper they won't read won't stop them doing stupid stuff, but at least you have cover, and you should be locking down the system to prevent the obvious, and providing regular (but not spamming) tips and advice, more importantly, you need HR on board, I'm yet to meet an organisation even with a fully manned SOC monitoring every log known to man, and a fully supported NOC and a room full of admins to ensure the environment is fed and watered, that can block stupid.
Saying you don't expect users to participate in security is a defeatist attitude given the current threats such as phishing and I believe that mindset is setting oneself up for trouble.
Let's be fair, if the majority of FJ staff I know were to go on strike, productivity will not go down.
They have some great engineers working for them, however they have a larger number of people who are in positions because they have a pulse and are willing to turn up and accept not much money for the job they are doing.
This then compounds the problem, low paid and untrained or inexperienced staff cannot provide the service their customer deserves, but then again, FJ have just been massively undercutting the likes of Crapita, DXC etc. to win contracts, hence the lack of staff, and more importantly, the lack of staff competent in the disciplines they find themselves in.
As for contractors, they have employed (due to a lack of permie staff) a lot of contractors who have never touched the technologies they are supposed to be looking after, and in the field I work in (and have to deal with them) it's embarrassing when you ask a simple question and they don't understand basic and simple terminology.
As an example, I work in networking and several of their contracted 'network engineers' didn't know what a subnet was, and to compound the issue, they are being paid about half of what I would consider the going day rate. This gives genuine, skilled and talented contractors a very bad reputation.
Surely IEEE standards and standards of that ilk are created to prevent proprietary network solutions.
I appreciate people will still use vendor driven solutions if they don't have their own network team and outsource to vendors' professional services, but every project I've worked on stipulated COTS products and non-proprietary network configurations (so no EIGRP, despite no longer proprietary etc.).
What about basic things such as network segmentation? InterVLAN policing of traffic? 802.11 wireless standards? 802.1x and 802.1ae protections?
I bought one when it was on Indiegogo, it's great because now I have an easy method to pop out in Los Angeles and listen to KROQ, who geo-block web listeners. It's also very convenient for providing some form of protection when using public Wi-Fi networks in hotels etc.
If you feel the alphabet agencies are after you, to be honest, they'll go after your laptop or phone. I'm all for personal internet security, but let's bring this into perspective, this device is merely aimed at being part of your security, if you want one device that removes any risk for your data and internet usage, go and invent it, one simply doesn't exist. If you don't trust it, don't buy one. This product, for me, is about aiding in protecting me in public locations where I use public Wi-Fi hotspots, and as the review said, it's very easy to use. The other alternative is to use my 4G allowance, that is in no way a safer alternative.
I just don't get it, I suppose for the same reason I don't understand people actively following the lives of people like Paris Hilton, Bruce "or whatever her name is now" Jenner and the Kardashians.
The followers of just those people should provide ample evidence that the public cannot be trusted with information unless it is OK magazine.
The world is not a safer place thanks to this speccy twat, all the extremists, paedos and other groups of people with fundamental character flaws have just changed their methods of communication making the world less safe.
Meanwhile in OK magazine, Paris Hilton shows some thigh.. (And she looks like a grasshopper).
The yoof from London arrested at his house in Norwich.
The funny thing with people is they mostly have legs which affords them the ability to read....
The other funny thing with people is they mostly have eyes and a brain, but this doesn't always afford them the gift of using them in conjunction with each other.....